diff --git a/Makefile b/Makefile
index 06c50ad..20566c0 100644
--- a/Makefile
+++ b/Makefile
@@ -5,7 +5,7 @@ deps:
 cd frontend && npm install
 up: build
- ( cd frontend && npm run server ) & USER_ID=$(shell id -u) docker-compose up && wait
+ ( cd frontend && NODE_ENV=development npm run server ) & USER_ID=$(shell id -u) docker-compose up && wait
 sg:
 docker-compose exec -u $(shell id -u) super-graph sh
@@ -17,4 +17,7 @@ down:
 docker-compose down -v --remove-orphans
 db-shell:
- docker-compose exec postgres psql -Usupergraph
\ No newline at end of file
+ docker-compose exec postgres psql -Usupergraph
+
+hydra-shell:
+ docker-compose exec hydra /bin/sh
\ No newline at end of file
diff --git a/README.md b/README.md
index e4c4816..8620f09 100644
--- a/README.md
+++ b/README.md
@@ -28,6 +28,9 @@ Les services suivants devraient être disponibles après démarrage de l'environ
 |Application React|HTTP (UI)|http://localhost:8081/|Page d'accueil de l'application React (serveur Webpack)|
 |Interface Web GraphQL|HTTP (UI)|http://localhost:8080/|Interface Web de développement de l'API GraphQL|
 |Serveur GraphQL|HTTP (GraphQL)|http://localhost:8080/api/v1/graphql|Point d'entrée de l'API GraphQL|
+|Serveur Hydra|HTTP (ReST)|http://localhost:4444|Point d'entrée pour l'API OAuth2 d'[Hydra](https://www.ory.sh/hydra/docs/)|
+|Serveur Hydra Passwordless|HTTP|http://localhost:3000|Point d'entrée pour la ["Login/Consent App"](https://www.ory.sh/hydra/docs/implementing-consent) [hydra-passwordless](https://forge.cadoles.com/wpetit/hydra-passwordless)|
+|Serveur FakeSMTP|HTTP|http://localhost:8082|Interface web du serveur [FakeSMTP](https://forge.cadoles.com/wpetit/fake-smtp)
 |Serveur PostgreSQL|TCP/IP (PostgreSQL)|`127.0.0.1:5432`|Port de connexion à la base de données PostgreSQL de développement|
 #### Fichiers/répertoires notables
@@ -46,6 +49,10 @@ Les services suivants devraient être disponibles après démarrage de l'environ
 |`make down`|Stopper et supprimer l'environnement de développement.|
 |`make db-shell`|Ouvrir une console `psql` sur la base de données de développement.|
+#### Ressources
+
+- [Execute an Authorization Code Grant Flow with PKCE](https://auth0.com/docs/api-auth/tutorials/authorization-code-grant-pkce)
+
 ## Licence
 AGPL-3.0
diff --git a/docker-compose.yml b/docker-compose.yml
index bbad58e..e6e3855 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -20,11 +20,69 @@ services:
 - postgres
 ports:
 - 8080:8080
+
 postgres:
- image: postgres:12-alpine
+ build:
+ context: ./misc/containers/postgres
+ args:
+ - HTTP_PROXY=${HTTP_PROXY}
+ - HTTPS_PROXY=${HTTPS_PROXY}
+ - http_proxy=${http_proxy}
+ - https_proxy=${https_proxy}
 environment:
- - POSTGRES_PASSWORD=daddy
- - POSTGRES_USER=daddy
- - POSTGRES_DB=daddy
+ - POSTGRES_PASSWORD=postgres
 ports:
- - 5432:5432
\ No newline at end of file
+ - 5432:5432
+ volumes:
+ - postgres_data:/var/lib/postgresql/data
+
+ hydra:
+ build:
+ context: ./misc/containers/hydra
+ environment:
+ DSN: postgres://hydra:hydra@postgres:5432/hydra
+ URLS_LOGIN: http://localhost:3000/login
+ URLS_CONSENT: http://localhost:3000/consent
+ URLS_LOGOUT: http://localhost:3000/logout
+ SUPPORTED_SCOPES: email
+ SUPPORTED_CLAIMS: email,email_verified
+ SECRETS_SYSTEM: fAAya66yXNib52lbXpo16bxy1jD4NZrX
+ HYDRA_ADMIN_URL: http://localhost:4445
+ ports:
+ - 4444:4444
+ command: hydra serve all --dangerous-force-http
+
+ hydra-passwordless:
+ image: bornholm/hydra-passwordless
+ ports:
+ - 3000:3000
+ environment:
+ - HTTP_COOKIE_AUTHENTICATION_KEY=XNFEWQwYB9WiVSnkHoFnMtNDL6X88apR4DmDBwh7gVgdJ3LTdLRLwGZAALnVN2yg
+ - HTTP_COOKIE_ENCRYPTION_KEY=xtHEd36Uo4DFeS2JgPPm94fPBfinY3xi
+ - HTTP_TOKEN_AUTHENTICATION_KEY=sGToi4yiP5yWrZzKdKaDA3XNpkcg9CRAaycuhr5gy2XnPKzUS7N6wGEFhMq9WPuf
+ - HTTP_TOKEN_ENCRYPTION_KEY=LAbuEWUeNDCLniRcyjiBCZ8ecgwN9Van
+ - SMTP_HOST=smtp
+ - SMTP_PORT=2525
+ - SMTP_USE_START_TLS=false
+ - SMTP_USER=
+ - SMTP_PASSWORD=
+ - SMTP_INSECURE_SKIP_VERIFY=true
+ - HYDRA_BASE_URL=http://hydra:4445
+ - HYDRA_FAKE_SSL_TERMINATION=false
+
+ smtp:
+ image: bornholm/fake-smtp
+ ports:
+ - 8082:8080
+ - 2525:2525
+ environment:
+ - FAKESMTP_SMTP_ADDRESS=:2525
+ - FAKESMTP_SMTP_DEBUG=true
+ - FAKESMTP_SMTP_USERNAME=
+ - FAKESMTP_SMTP_PASSWORD=
+ - FAKESMTP_SMTP_ALLOWINSECUREAUTH=true
+ volumes:
+ - /etc/localtime:/etc/localtime:ro
+ - /etc/timezone:/etc/timezone:ro
+volumes:
+ postgres_data:
\ No newline at end of file
diff --git a/misc/containers/hydra/Dockerfile b/misc/containers/hydra/Dockerfile
new file mode 100644
index 0000000..f63eb44
--- /dev/null
+++ b/misc/containers/hydra/Dockerfile
@@ -0,0 +1,18 @@
+FROM oryd/hydra:v1.4.2-alpine
+
+USER root
+
+COPY docker-entrypoint.sh /usr/local/bin/docker-entrypoint
+RUN chmod a+x /usr/local/bin/docker-entrypoint
+
+COPY first-run.sh /usr/local/bin/docker-first-run
+RUN chmod a+x /usr/local/bin/docker-first-run
+
+COPY hydra-init.d /hydra-init.d
+
+RUN mkdir -p /home/ory && chown -R ory: /home/ory
+USER ory
+
+ENTRYPOINT ["/usr/local/bin/docker-entrypoint"]
+
+CMD ["hydra", "serve", "all"]
\ No newline at end of file
diff --git a/misc/containers/hydra/docker-entrypoint.sh b/misc/containers/hydra/docker-entrypoint.sh
new file mode 100644
index 0000000..86526e6
--- /dev/null
+++ b/misc/containers/hydra/docker-entrypoint.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+set -xeo pipefail
+
+LIFECYCLEFLAGS_DIR="$HOME/.container-lifecycle"
+
+mkdir -p "$LIFECYCLEFLAGS_DIR"
+
+if [ ! -f "$LIFECYCLEFLAGS_DIR/first-run" ]; then
+ /usr/local/bin/docker-first-run
+ touch "$LIFECYCLEFLAGS_DIR/first-run"
+fi
+
+exec "$@"
\ No newline at end of file
diff --git a/misc/containers/hydra/first-run.sh b/misc/containers/hydra/first-run.sh
new file mode 100644
index 0000000..99f8de5
--- /dev/null
+++ b/misc/containers/hydra/first-run.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+hydra migrate sql -e -y
+
+hydra serve all --dangerous-force-http &
+HYDRA_PID=$!
+run-parts --exit-on-error /hydra-init.d
+kill $HYDRA_PID
\ No newline at end of file
diff --git a/misc/containers/hydra/hydra-init.d/create-client b/misc/containers/hydra/hydra-init.d/create-client
new file mode 100755
index 0000000..70e294c
--- /dev/null
+++ b/misc/containers/hydra/hydra-init.d/create-client
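Review bot: `SECRETS_SYSTEM` on the hydra service and the four `HTTP_*_KEY` values on hydra-passwordless are committed as literal strings, so everyone with read access to the repository holds Hydra's system secret and the login app's cookie and token keys, and the values will follow this file wherever it is copied. Reading them from the host environment keeps them out of git, e.g. `SECRETS_SYSTEM: ${HYDRA_SECRETS_SYSTEM:?set HYDRA_SECRETS_SYSTEM in .env}`, the same `${VAR:?}` form for each `HTTP_*_KEY` entry and for `POSTGRES_PASSWORD`, with `.env` listed in `.dockerignore`/`.gitignore`. The `--dangerous-force-http` command, `HYDRA_FAKE_SSL_TERMINATION=false`, `SMTP_INSECURE_SKIP_VERIFY=true` and the empty SMTP credentials are reasonable for a local stack but should carry a `# development only: plaintext HTTP and SMTP, never reuse these settings` comment above the hydra and hydra-passwordless services so the intent is explicit. Dropping `POSTGRES_USER`/`POSTGRES_DB` on the postgres service is worth a comment too: the `daddy` role and database now come from `misc/containers/postgres/initdb.d`, which the official image runs only when the `postgres_data` volume starts empty.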
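Review bot: The entrypoint installed by this Dockerfile keeps its first-run marker under `$HOME`, but the file only creates `/home/ory` and never sets `HOME`, so where the marker lands depends on how the base image configures the `ory` user; `ENV HOME=/home/ory` next to `USER ory` makes that explicit and removes the dependency. Each `COPY` followed by `RUN chmod a+x` stores the script twice in the image; with BuildKit, `COPY --chmod=0755 docker-entrypoint.sh /usr/local/bin/docker-entrypoint` (and the same for `first-run.sh`) does it in one layer. Pinning the base by digest, `FROM oryd/hydra:v1.4.2-alpine@sha256:<digest>`, would make rebuilds reproducible. A short header comment saying that `docker-entrypoint` runs `docker-first-run` once per container and then execs the `CMD` would help the next reader understand why the image ships two scripts.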
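Review bot: The `first-run` marker is written to the container's own filesystem while the state it initialises lives in the `postgres_data` volume, so the two drift apart whenever the container is recreated but the volume is kept (image rebuild, `docker-compose up --force-recreate`): `docker-first-run` executes again against an already-initialised database. Either place `LIFECYCLEFLAGS_DIR` on a volume or make the first-run steps safe to repeat, and say which in a header comment, e.g. `# Runs docker-first-run once per container filesystem, then execs the Hydra command given as CMD.` `set -x` echoes every command to the container log; fine for a dev stack, but it should be dropped before this image is used anywhere logs are retained.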
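Review bot: The exit status of `run-parts --exit-on-error /hydra-init.d` is discarded: the script has no `set -e` and its last command is `kill $HYDRA_PID`, so a failing init script still returns 0, the entrypoint then writes its `first-run` marker, and the instance is left half-initialised with no retry. There is also no wait between `hydra serve all … &` and the scripts, so `hydra clients create` can run before the admin API listens and fail for that reason alone. The rewrite below propagates the scripts' status, stops the temporary server on every exit path via a trap, and polls the admin API with a bounded retry using the `hydra` CLI already in the image (it reads `HYDRA_ADMIN_URL`, which docker-compose.yml sets).

```shell
#!/bin/sh
# Runs once per container (see docker-entrypoint): apply migrations, then run
# the scripts in /hydra-init.d against a temporary local Hydra instance.
set -e

hydra migrate sql -e -y

hydra serve all --dangerous-force-http &
HYDRA_PID=$!
# Stop the temporary server on every exit path; the script's own status
# (from run-parts or the readiness check) is what the entrypoint sees.
trap 'kill "$HYDRA_PID" 2>/dev/null || true; wait "$HYDRA_PID" 2>/dev/null || true' EXIT

# Wait, with a bound, until the admin API answers before running the scripts.
tries=30
until hydra clients list >/dev/null 2>&1; do
  tries=$((tries - 1))
  if [ "$tries" -le 0 ]; then
    echo "hydra admin API did not become ready" >&2
    exit 1
  fi
  sleep 1
done

run-parts --exit-on-error /hydra-init.d
```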
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+hydra clients create \
+ --id daddy \
+ -n Daddy \
+ --secret 'KE9wOXR-~7qCXNKWzw23EpNroq' \
+ -a email,email_verified \
+ -c http://localhost:8081/oauth2/callback
\ No newline at end of file
diff --git a/misc/containers/postgres/Dockerfile b/misc/containers/postgres/Dockerfile
new file mode 100644
index 0000000..f4ea954
--- /dev/null
+++ b/misc/containers/postgres/Dockerfile
@@ -0,0 +1,3 @@
+FROM postgres:12-alpine
+
+COPY ./initdb.d /docker-entrypoint-initdb.d
\ No newline at end of file
diff --git a/misc/containers/postgres/initdb.d/init-databases.sh b/misc/containers/postgres/initdb.d/init-databases.sh
new file mode 100644
index 0000000..ddbbb85
--- /dev/null
+++ b/misc/containers/postgres/initdb.d/init-databases.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+set -e
+
+psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
+ CREATE USER hydra WITH ENCRYPTED PASSWORD 'hydra';
+ CREATE DATABASE hydra;
+ GRANT ALL PRIVILEGES ON DATABASE hydra TO hydra;
+EOSQL
+
+psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
+ CREATE USER daddy WITH ENCRYPTED PASSWORD 'daddy';
+ CREATE DATABASE daddy;
+ GRANT ALL PRIVILEGES ON DATABASE daddy TO daddy;
+EOSQL
\ No newline at end of file
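Review bot: The client secret `KE9wOXR-~7qCXNKWzw23EpNroq` is committed in clear text, and since the callback points at the React dev server on port 8081 this looks like a browser-side client, which cannot keep a shared secret confidential in any case; the README's new PKCE reference suggests the intended shape is a public client with PKCE, i.e. `--token-endpoint-auth-method none` and no `--secret`, which should be confirmed against how the frontend calls the token endpoint. Independently, the script is not repeatable: a second run against the same database fails on the duplicate `daddy` id and, with `--exit-on-error`, aborts the rest of `/hydra-init.d`, so guard it with `hydra clients get daddy >/dev/null 2>&1 && exit 0` before the create (assuming the CLI reports a missing client with a non-zero status, which is worth checking once). Spelling out the grant and response types instead of relying on CLI defaults (`-g authorization_code,refresh_token -r code`) would document what the frontend is allowed to use.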
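Review bot: The two role passwords (`'hydra'` and `'daddy'`) are fixed in this script while the matching DSN is fixed in `docker-compose.yml` (`postgres://hydra:hydra@postgres:5432/hydra`), so the two files must be edited together and the credentials cannot change without a rebuild. Reading them from variables passed through the compose `environment:` block keeps one source of truth, e.g. `CREATE USER hydra WITH ENCRYPTED PASSWORD '${HYDRA_DB_PASSWORD:-hydra}';`; the unquoted `<<-EOSQL` delimiter already expands variables, and a value containing a single quote would break the statement, so that restriction belongs in a comment. The two `psql` invocations differ only in the role and database names and could be a single heredoc or a small function, and a header comment should state that this script only runs when the image initialises an empty data directory (first `up`, or after `make down` removes the volume).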